And the impact of such changes on a browser is significant. As Microsoft explained: “Cybercriminals abusing affiliate programs is not new—browser modifiers are some of the oldest types of threats.
“However, the fact that this campaign utilises a piece of malware that affects multiple browsers is an indication of how this threat type continues to be increasingly sophisticated.
“In addition, the malware maintains persistence and exfiltrates website credentials, exposing affected devices to additional risks.”
The Windows 10 maker said that between May and September it spotted 159 unique domains used to distribute hundreds of thousands of malware samples as part of the Adrozek campaign.
Some of these domains were active for just a single day, while others stayed live for up to 120 days.
Many of these domains themselves hosted tens of thousands of URLs, with one hosting almost 250,000 – underlining the massive infrastructure used in this latest malware campaign.